this post was submitted on 22 Feb 2025
120 points (99.2% liked)

Technology

63082 readers
3993 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
120
Crypto exchange Bybit says a hacker took control of one of its cold Ethereum wallets, resulting in what analysts estimate was the loss of ~$1.5B worth of tokens (www.bloomberg.com)
submitted 9 hours ago by Mazdak@lemmy.org to c/technology@lemmy.world
27 comments fedilink hide all child comments
top 27 comments
sorted by: hot top controversial new old
[–] SplashJackson@lemmy.ca 0 points 21 minutes ago

I gotta get in on this hacking gig. Anyone know if any hacker groups are hiring?

/s for CSIS

[–] MedicPigBabySaver@lemmy.world 0 points 38 minutes ago

Oh no!

[–] Treczoks@lemmy.world 3 points 1 hour ago

The money is not gone, is just that someone else has it.

[–] GreenKnight23@lemmy.world 12 points 6 hours ago

lolfomo

[–] ryan213@lemmy.ca 49 points 8 hours ago (2 children)

More like bye-bit, am I right??

[–] Viri4thus@feddit.org 7 points 8 hours ago

Angry upvote you horrible genius.

[–] Darkcoffee@sh.itjust.works 26 points 9 hours ago (1 children)

I'm so glad I have no crypto of any kind. It's the wild west with no savings insurance, so once it's gone, it's gone.

[–] FaceDeer@fedia.io 2 points 7 hours ago

Depends which exchange you're using.

[–] nick@midwest.social 6 points 7 hours ago

lol good

[–] muntedcrocodile@lemm.ee 12 points 9 hours ago (7 children)

How does one get ones hands on a cold wallet?

[–] x00z@lemmy.world 10 points 6 hours ago (1 children)

[–] dhork@lemmy.world 10 points 5 hours ago (1 children)

Do I understand this correctly, then, that this was some sort of MITM attack where valid requests to the multisig parties were replaced by malicious code while still appearing to be valid to the signers? That must be an inside job.

And this is the first time I have heard the word "musked" in this context.....

[–] x00z@lemmy.world 3 points 3 hours ago

Do I understand this correctly, then, that this was some sort of MITM attack where valid requests to the multisig parties were replaced by malicious code while still appearing to be valid to the signers? That must be an inside job.

I have no idea. I guess they'll release a lot more info regarding this in the next few days.

And this is the first time I have heard the word “musked” in this context…

I think his English isn't good looking at the rest of the message. Might be "masked" instead.

[–] Transform2942@lemmy.ml 32 points 8 hours ago* (last edited 8 hours ago) (1 children)

My speculations:

  • "insecure from the start" - as in , the wallet was never that "cold"

  • with that amount of money, it's easy to imagine an "insider threat"

  • the hackers could have gotten lucky and struck right when the company was doing legitimate operations on the wallet

  • but probably it's a towering mountain of incompetence, composed of the elements above and more

[–] Evotech@lemmy.world 16 points 7 hours ago

Room temperature wallet

[–] FaceDeer@fedia.io 12 points 7 hours ago (2 children)

It's a common misconception that a "cold wallet" is offline. It's still on the blockchain like any other wallet, it's just the keys that aren't on any network-connected computer.

It appears that in this case hackers managed to trick Bybit employees into entering the keys into a fake UI that gave the hackers access to them.

[–] Kualk@lemm.ee 7 points 6 hours ago

That’s room temperature wallet. It was used while claiming asset unused.

It is not cold storage anymore.

[–] Kualk@lemm.ee 4 points 6 hours ago

Tricked or “tricked”.

[–] Zachariah@lemmy.world 9 points 8 hours ago

I recommend gloves.

[–] golli@lemm.ee 5 points 7 hours ago

What I don't quite understand is how there is 1.5 billion in a single wallet. Or how are these things structured?

This article puts their total assets under management at $15.7b, which are held in different cryptocurrencies with ethereum at just above $5b.

So I am wondering how they have more than 1/6 of their Ethereum in a single wallet or were these multiple that were connected and got compromised through the same vulnerability? How expensive is it to have more individual wallets? Would it not be feasible to have it split in something like $100m chunks? Or any other more moderate size.

[–] dhork@lemmy.world 4 points 8 hours ago

Well, either it wasn't as offline as they all thought, or someone pulled off an epic inside job.

[–] MintyFresh@lemmy.world 2 points 8 hours ago

With steely determination

[–] cupcakezealot@lemmy.blahaj.zone -2 points 6 hours ago (1 children)

how is $1.5 billion in worth calculated because no way bitcoin tokens are worth more than $20.